Content deleted Content added
Filling in 4 references using Reflinks |
→Security: Adding reference, haven't done this before, will see how it goes... |
||
Line 9:
There is a replay attack against the basic access control protocol that allows an individual passport to be traced.<ref>{{cite web|last=Goodin |first=Dan |url=http://www.theregister.co.uk/2010/01/26/epassport_rfid_weakness/ |title=Defects in e-passports allow real-time tracking, The Register, Dan Goodin, 26th Jan 2010 |publisher=Theregister.co.uk |date=2010-01-26 |accessdate=2012-01-15}}</ref><ref>{{cite web|url=http://www.cs.bham.ac.uk/~tpc/Papers/PassportTrace.pdf |title=A Traceability Attack Against e-Passports, Tom Chothia and Vitaliy Smirnov, 14th International Conference on Financial Cryptography and Data Security 2010 |format=PDF |date= |accessdate=2012-01-15}}</ref> The attack is based on being able to distinguish a failed nonce check from a failed MAC check and works against passports with randomized unique identifiers and hard to guess keys.
The basic access control mechanism has been criticized as offering too little protection from unauthorized interception. Researchers claim <ref>{{
In other words, the data used as an encryption key has a low [[entropy]], meaning that guessing the session key is possible via a modest [[brute force attack]].
| |||